On 04/23/2017 04:52 AM, chiru r wrote:
> Thank you for your reply.
>
> I agree, However we are planning, users not to have any direct
> privileges on database objects or default roles(like
> SUPERUSER,CREATEDB,REPLICATION..etc) in postgres.
>
> looking to create users(LOGIN) only and Grant all the privileges through
> roles like below.
>
> *Steps: *
> Create User
> Create role
> GRANT required privileges/default attributes(SUPERUSER,REPLICATION etc)
> to Role
> GRANT role to Users.
Yes, but in your original setup:
postgres=#
postgres=# create user backup_admin password 'XXXXX';
CREATE ROLE
postgres=# create role dba_admin SUPERUSER REPLICATION;
CREATE ROLE
postgres=# grant dba_admin to backup_admin;
GRANT ROLE
postgres=# alter user backup_admin set role to dba_admin;
ALTER ROLE
the practical effect is to have a user(backup_admin) with SUPERUSER
REPLICATION attributes every time they logged in(the exception being in
the pg_basebackup case, as well as other commands that follow the same
path). Not sure how that is different from just setting up a user with
the REPLICATION attribute.
>
> So,If I follow above process I am not able to do pg_basebackup.
> Now I have only options left either I have to use postgres user or
> create a user directly with replication role(Which we are not interested
> in).
>
> In future is there possibility to allow a user(using above steps) to do
> pg_basebackup?.
>
>
> Thanks,
> Chiru
>
>
>
--
Adrian Klaver
adrian.klaver@aklaver.com
